Lazy shortcuts by Chinese hackers left clear web tracks

Date: February 21 2013

Max Fisher

WASHINGTON: Mandiant, the Virginia firm contracted to investigate cyber attacks against US corporations, says it was able to track an extensive hacking campaign back to the Chinese military in part by exploiting China's own internet restrictions.

China's ''Great Firewall'' blocks access to Facebook and Twitter, among other things. People in China can get around the firewall, and net-savvy Chinese often do, by using something called VPNs, or Virtual Private Networks.

But Chinese hackers already have access to what is presumably an extremely sophisticated VPN: the servers they use for their foreign hacking.

To be totally safe, a Chinese hacker would log out of the servers used for cyber espionage (and allegedly sponsored by the Chinese military) before logging into a separate, lower-profile VPN to access US-based social media sites such as Facebook and Twitter.

Instead of following that procedure, according to Mandiant, some of the hackers got lazy.

''The easiest way for them to log into Facebook and Twitter is directly from their attack infrastructure,'' the company's report said. ''Once noticed, this is an effective way to discover their real identities.''

When the hacker uses the ''attack'' servers to log in to Twitter or Facebook, he or she unintentionally links those servers with specific Facebook and Twitter accounts - in other words, with specific human beings. Mandiant traced two hackers, ''DOTA'' and ''UglyGorilla'', all across the web using data points such as this.

The Washington Post